CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.

When upgrading the Nextcloud Desktop client, users are recommended to make sure they are using the latest version available from the Nextcloud website. To upgrade the Nextcloud Desktop client, users can follow the instructions here. It is recommended that users run version 3.6.1 or higher when upgrading the Nextcloud Desktop client.
In order to upgrade the Nextcloud Desktop client, users can follow the instructions here. It is recommended that users run version 3.6.1 or higher when upgrading the Nextcloud Desktop client.
When upgrading the Nextcloud Desktop client, users are recommended to make sure they are using the latest version available from the Nextcloud website. To upgrade the Nextcloud Desktop client, users can follow the instructions here. It is recommended that users run version 3.6.1 or higher when upgrading the Nextcloud Desktop client. An attacker can inject arbitrary HyperText Markup Language into the Nextcloud web interface via external source. It is recommended that the Nextcloud web interface is updated to version 10.0.7 or higher. It is recommended that users run version 10.0.7 or higher when updating the Nextcloud web interface. An attacker can inject arbitrary JavaScript into the Nextcloud web interface via external source. It is recommended that the Nextcloud web interface is updated to version 10.0.7 or higher. It is recommended that users run version 10.0.7 or higher when updating the Nextcloud web interface

What is IBM Flash Performance Advisory?

The IBM Flash Performance Advisory is a security advisory that alerts users of the potential risk of malicious attacks against browsers and email clients. It is issued every week, with each issue being updated as new vulnerabilities are discovered.

Nextcloud Server Security

To ensure that your Nextcloud Server is secure, you should make sure your server has an updated version of the Nextcloud Desktop client. When upgrading the Nextcloud Desktop client, users are recommended to make sure they are using the latest version available from the Nextcloud website.
An attacker can inject arbitrary JavaScript into the Nextcloud web interface via external source. It is recommended that the Nextcloud web interface is updated to version 10.0.7 or higher. It is recommended that users run version 10.0.7 or higher when updating the Nextcloud web interface

Timeline

Published on: 11/25/2022 20:15:00 UTC
Last modified on: 12/01/2022 17:37:00 UTC

References

• https://github.com/nextcloud/desktop/pull/4972
• https://hackerone.com/reports/1707977
• https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39332